Consider this scenario: the widget requests access to www.google.com.
On a local level google redirects to .pl or co.in . With WARP, if we
checked redirects the local google page would be blocked. It would be
impossible for any developer to take care of all those country wide
domains in the normal way (and it does not scale). So we would want to
allow this. Also in widgets XHRs resulting in 301s are followed and
the final content is returned (this wasn't how it worked but was fixed
later).
For a future version of WARP to work effectively, the spec should give
the option of allow for redirects (or should do this automatically):
<access origin="http://x.com" redirects="true"/>
--
Marcos Caceres
http://datadriven.com.au